srober Posted October 23, 2007 Posted October 23, 2007 I keep getting emails from others saying that my site is producing phishing scamming. I keep deleting the added files but they keep reappearing. What can I do to keep this from happening? How are they evening getting the files in the site? Any help would be appreciated.
Nullachtfuffzehn Posted October 23, 2007 Posted October 23, 2007 I think you should be a little bit more specific which files you're talking about. There are a lot of possibilities to intrude code into PHP sites, so I can only guess what's happening.
srober Posted October 23, 2007 Author Posted October 23, 2007 A few was in the image files. I had one in a folder I created to store my pdf files for customers to view. This is all inside the catalog folder. How do these files get put in there to begin with?
Nullachtfuffzehn Posted October 23, 2007 Posted October 23, 2007 Most likely the intruders used the standard directories of OSC. I've mentioned a couple of times before to change the folders like /images which are set to chmod 777 to another name, so the usual attacks run into nothing. Anyways, you can restrict those directories via .htaccess.
srober Posted October 23, 2007 Author Posted October 23, 2007 Most likely the intruders used the standard directories of OSC. I've mentioned a couple of times before to change the folders like /images which are set to chmod 777 to another name, so the usual attacks run into nothing. Anyways, you can restrict those directories via .htaccess. Can I just change the permission to where there is not write access? I did a few searches on the topic and have seen the .htaccess suggestions but I dont know what that means. I am a novice at best the site is only used 3 months out of the year as a registration site for a once a year event. Thanks
Nullachtfuffzehn Posted October 23, 2007 Posted October 23, 2007 No, you can't change the permissions, since the site won't work anymore then unfortunately. As I said, rename those folders and change the setting accordingly in your /includes/configure.php as well as in admin/includes/configure.php. To get more informations about .htaccess just google for it.
srober Posted October 23, 2007 Author Posted October 23, 2007 Just out of curiosity but how does one do it to begin with? Some of the files that been tampered with other than images was a file I called PDF with permission set at 755. I just wonder how they do it. Why they would target any particular site, especially mine since its not well known and only gets used 3 months out of a year. If they did that much should I fear that the customer info has been breeched? This is something that really had me nervous now.
Nullachtfuffzehn Posted October 24, 2007 Posted October 24, 2007 It's hard to say, if anyone has hacked your database. How secure your site is, depends on the scripts, the setup of the webserver with mysql/PHP and your configurations. If your site can be found at google or any other search engines it is not hard for those people to add them to their list of pontential hacking targets. Due to the fact that you can't avoid those attemps completely it is recommended to view the server protocols on a regular basis, so you can take action if you spot them.
duke22 Posted October 24, 2007 Posted October 24, 2007 have a look at my post I have a similar experience
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.